Description: Git mirror of the CMS Made Simple 2.0 rewrite
Homepage: http://cmsmadesimple.org
Clone URL: git://github.com/tedkulp/cmsmadesimple-2-0.git
Fixed potential issue in the template processing.

git-svn-id: http://svn.cmsmadesimple.org/svn/cmsmadesimple/trunk@4010 
3d254a34-79dc-0310-9e5f-be208747d8a0
tedkulp (author)
Mon Jun 11 05:59:12 -0700 2007
commit  24e29fb739f4960a6fe0ac9dd2e98f6de6751d15
tree    a3ce9a98807f2a935c0596051843d6357d236283
parent  2639e05da2b568c40a56d349f901104119b6e21e
0
@@ -75,6 +75,9 @@ function cms_module_GetTemplate(&$modinstance, $tpl_name, $modulename = '')
0
  */
0
 function cms_module_GetTemplateFromFile(&$modinstance, $template_name)
0
 {
0
+ $ok = (strpos($tpl_name, '..') === false);
0
+ if (!$ok) return;
0
+
0
   global $gCms;
0
   $config = &$gCms->GetConfig();
0
   $tpl_base = $config['root_path'].DIRECTORY_SEPARATOR.'modules'.DIRECTORY_SEPARATOR;
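Review bot: The guard added to `cms_module_GetTemplateFromFile` tests `$tpl_name`, but this function's parameter is `$template_name`, so the check reads an undefined variable. `strpos()` returns false for an empty haystack, so `$ok` is always true here and a name containing `..` still reaches the `$tpl_base` path construction that follows. This is the one function in the commit that is named for file access, so the fix leaves it effectively unguarded. The line should read `$ok = (strpos($template_name, '..') === false);`. The function body continues outside the hunk, so how the name is joined to `$tpl_base` is not visible here.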
0
@@ -128,6 +131,9 @@ function cms_module_DeleteTemplate(&$modinstance, $tpl_name = '', $modulename =
0
 
0
 function cms_module_IsFileTemplateCached(&$modinstance, $tpl_name, $designation = '', $timestamp = '', $cacheid = '')
0
 {
0
+ $ok = (strpos($tpl_name, '..') === false);
0
+ if (!$ok) return;
0
+
0
   global $gCms;
0
   $smarty = &$gCms->GetSmarty();
0
   $oldcache = $smarty->caching;
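Review bot: The bare `return;` after the new check in `cms_module_IsFileTemplateCached` hands NULL back to the caller and drops the rejected name silently, so an attempted traversal leaves no trace for whoever reviews the logs. The same two lines are repeated in `cms_module_ProcessTemplate`, `cms_module_IsDatabaseTemplateCached` and `cms_module_ProcessTemplateFromDatabase`. For the two `Is…Cached` functions, whose names suggest a boolean result, `if (!$ok) return false;` would be clearer, and logging the rejected template name at that point would make the event visible. The substring test is also a denylist: it refuses legitimate names that merely contain two dots and says nothing about absolute paths, so it is worth confirming against the code outside these hunks whether the name is otherwise confined to the module's template directory. Moving the check into one shared helper would keep the five copies from drifting apart; the function bodies continue outside the hunks.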
0
@@ -146,6 +152,9 @@ function cms_module_IsFileTemplateCached(&$modinstance, $tpl_name, $designation
0
 
0
 function cms_module_ProcessTemplate(&$modinstance, $tpl_name, $designation = '', $cache = false, $cacheid = '')
0
 {
0
+ $ok = (strpos($tpl_name, '..') === false);
0
+ if (!$ok) return;
0
+
0
   global $gCms;
0
   $smarty = &$gCms->GetSmarty();
0
 
0
@@ -160,6 +169,9 @@ function cms_module_ProcessTemplate(&$modinstance, $tpl_name, $designation = '',
0
 
0
 function cms_module_IsDatabaseTemplateCached(&$modinstance, $tpl_name, $designation = '', $timestamp = '')
0
 {
0
+ $ok = (strpos($tpl_name, '..') === false);
0
+ if (!$ok) return;
0
+
0
   global $gCms;
0
   $smarty = &$gCms->GetSmarty();
0
   $oldcache = $smarty->caching;
0
@@ -194,6 +206,9 @@ function cms_module_ProcessTemplateFromData(&$modinstance, $data)
0
 
0
 function cms_module_ProcessTemplateFromDatabase(&$modinstance, $tpl_name, $designation = '', $cache = false)
0
 {
0
+ $ok = (strpos($tpl_name, '..') === false);
0
+ if (!$ok) return;
0
+
0
   global $gCms;
0
   $smarty = &$gCms->GetSmarty();
0
 
